From: ira.weiny@intel.com To: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>, Peter Zijlstra <peterz@infradead.org>, Dave Hansen <dave.hansen@linux.intel.com> Cc: Fenghua Yu <fenghua.yu@intel.com>, Ira Weiny <ira.weiny@intel.com>, x86@kernel.org, linux-kernel@vger.kernel.org, Andrew Morton <akpm@linux-foundation.org>, linux-doc@vger.kernel.org, linux-nvdimm@lists.01.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, Dan Williams <dan.j.williams@intel.com>, Greg KH <gregkh@linuxfoundation.org> Subject: [PATCH V3 09/10] x86/pks: Enable Protection Keys Supervisor (PKS) Date: Fri, 6 Nov 2020 15:29:07 -0800 [thread overview] Message-ID: <20201106232908.364581-10-ira.weiny@intel.com> (raw) In-Reply-To: <20201106232908.364581-1-ira.weiny@intel.com> From: Fenghua Yu <fenghua.yu@intel.com> Protection Keys for Supervisor pages (PKS) enables fast, hardware thread specific, manipulation of permission restrictions on supervisor page mappings. It uses the same mechanism of Protection Keys as those on User mappings but applies that mechanism to supervisor mappings using a supervisor specific MSR. Kernel users can thus defines 'domains' of page mappings which have an extra level of protection beyond those specified in the supervisor page table entries. Enable PKS on supported CPUS. Co-developed-by: Ira Weiny <ira.weiny@intel.com> Signed-off-by: Ira Weiny <ira.weiny@intel.com> Signed-off-by: Fenghua Yu <fenghua.yu@intel.com> --- Changes from V2 From Thomas: Make this patch last so PKS is not enabled until all the PKS mechanisms are in place. Specifically: 1) Modify setup_pks() to call write_pkrs() to properly set up the initial value when enabled. 2) Split this patch into two. 1) a precursor patch with the required defines/config options and 2) this patch which actually enables feature on CPUs which support it. Changes since RFC V3 Per Dave Hansen Update comment Add X86_FEATURE_PKS to disabled-features.h Rebase based on latest TIP tree --- arch/x86/include/asm/disabled-features.h | 6 +++++- arch/x86/kernel/cpu/common.c | 15 +++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h index 164587177152..82540f0c5b6c 100644 --- a/arch/x86/include/asm/disabled-features.h +++ b/arch/x86/include/asm/disabled-features.h @@ -44,7 +44,11 @@ # define DISABLE_OSPKE (1<<(X86_FEATURE_OSPKE & 31)) #endif /* CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS */ -#define DISABLE_PKS (1<<(X86_FEATURE_PKS & 31)) +#ifdef CONFIG_ARCH_HAS_SUPERVISOR_PKEYS +# define DISABLE_PKS 0 +#else +# define DISABLE_PKS (1<<(X86_FEATURE_PKS & 31)) +#endif #ifdef CONFIG_X86_5LEVEL # define DISABLE_LA57 0 diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 35ad8480c464..f8929a557d72 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -58,6 +58,7 @@ #include <asm/intel-family.h> #include <asm/cpu_device_id.h> #include <asm/uv/uv.h> +#include <linux/pkeys.h> #include "cpu.h" @@ -1494,6 +1495,19 @@ static void validate_apic_and_package_id(struct cpuinfo_x86 *c) #endif } +/* + * PKS is independent of PKU and either or both may be supported on a CPU. + * Configure PKS if the CPU supports the feature. + */ +static void setup_pks(void) +{ + if (!cpu_feature_enabled(X86_FEATURE_PKS)) + return; + + write_pkrs(INIT_PKRS_VALUE); + cr4_set_bits(X86_CR4_PKS); +} + /* * This does the hard work of actually picking apart the CPU stuff... */ @@ -1591,6 +1605,7 @@ static void identify_cpu(struct cpuinfo_x86 *c) x86_init_rdrand(c); setup_pku(c); + setup_pks(); /* * Clear/Set all flags overridden by options, need do it -- 2.28.0.rc0.12.gb6a658bd00c9
next prev parent reply other threads:[~2020-11-06 23:29 UTC|newest] Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-11-06 23:28 [PATCH V3 00/10] PKS: Add Protection Keys Supervisor (PKS) support V3 ira.weiny 2020-11-06 23:28 ` [PATCH V3 01/10] x86/pkeys: Create pkeys_common.h ira.weiny 2020-11-06 23:29 ` [PATCH V3 02/10] x86/fpu: Refactor arch_set_user_pkey_access() for PKS support ira.weiny 2020-11-06 23:29 ` [PATCH V3 03/10] x86/pks: Add PKS defines and Kconfig options ira.weiny 2020-11-06 23:29 ` [PATCH V3 04/10] x86/pks: Preserve the PKRS MSR on context switch ira.weiny 2020-12-17 14:50 ` Thomas Gleixner 2020-12-17 22:43 ` Thomas Gleixner 2020-12-18 13:57 ` Thomas Gleixner 2020-12-18 19:20 ` Dan Williams 2020-12-18 21:06 ` Thomas Gleixner 2020-12-18 21:58 ` Dan Williams 2020-12-18 22:44 ` Thomas Gleixner 2020-12-18 19:42 ` Ira Weiny 2020-12-18 20:10 ` Dave Hansen 2020-12-18 21:30 ` Thomas Gleixner 2020-12-18 4:05 ` Ira Weiny 2020-12-17 20:41 ` [NEEDS-REVIEW] " Dave Hansen 2020-12-18 4:10 ` Ira Weiny 2020-12-18 15:33 ` Dave Hansen 2020-11-06 23:29 ` [PATCH V3 05/10] x86/entry: Pass irqentry_state_t by reference ira.weiny 2020-11-15 18:58 ` Thomas Gleixner 2020-11-16 18:49 ` Ira Weiny 2020-11-16 20:36 ` Thomas Gleixner 2020-11-24 6:09 ` [PATCH V3.1] entry: " ira.weiny 2020-12-11 22:14 ` Andy Lutomirski 2020-12-16 1:32 ` Ira Weiny 2020-12-16 2:09 ` Andy Lutomirski 2020-12-17 0:38 ` Ira Weiny 2020-12-17 13:07 ` Thomas Gleixner 2020-12-17 13:19 ` Peter Zijlstra 2020-12-17 15:35 ` Andy Lutomirski 2020-12-17 16:58 ` Thomas Gleixner 2020-11-06 23:29 ` [PATCH V3 06/10] x86/entry: Preserve PKRS MSR across exceptions ira.weiny 2020-12-17 15:28 ` Thomas Gleixner 2020-11-06 23:29 ` [PATCH V3 07/10] x86/fault: Report the PKRS state on fault ira.weiny 2020-11-06 23:29 ` [PATCH V3 08/10] x86/pks: Add PKS kernel API ira.weiny 2020-12-23 20:39 ` Randy Dunlap 2020-11-06 23:29 ` ira.weiny [this message] 2020-11-06 23:29 ` [PATCH V3 10/10] x86/pks: Add PKS test code ira.weiny 2020-12-17 20:55 ` Dave Hansen 2020-12-18 4:05 ` Ira Weiny 2020-12-18 16:59 ` Dan Williams 2020-12-07 22:14 ` [PATCH V3 00/10] PKS: Add Protection Keys Supervisor (PKS) support V3 Ira Weiny 2020-12-08 15:55 ` Thomas Gleixner 2020-12-08 17:22 ` Ira Weiny
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20201106232908.364581-10-ira.weiny@intel.com \ --to=ira.weiny@intel.com \ --cc=akpm@linux-foundation.org \ --cc=bp@alien8.de \ --cc=dan.j.williams@intel.com \ --cc=dave.hansen@linux.intel.com \ --cc=fenghua.yu@intel.com \ --cc=gregkh@linuxfoundation.org \ --cc=linux-doc@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-kselftest@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=linux-nvdimm@lists.01.org \ --cc=luto@kernel.org \ --cc=mingo@redhat.com \ --cc=peterz@infradead.org \ --cc=tglx@linutronix.de \ --cc=x86@kernel.org \ --subject='Re: [PATCH V3 09/10] x86/pks: Enable Protection Keys Supervisor (PKS)' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).